Re: Preventing SQLPLUS access?

IF you are referring to SQLPLUS on the client machine, then just remove the program...

Roberto Bruno (rbruno_at_centroin.com.br) wrote:
: Jurij Modic wrote:
:
: > On Fri, 6 Jun 1997 18:23:56 GMT, skubiszewski_at_Eisner.DECUS.Org wrote:
: >
: > >We have a large user base using a custom-written client-server
 application
: > >with Oracle as the database. Our developers are worried that crafty
 users
: > >will discover that they can use their application signon to come in
 via
: > >SQLPLUS. We don't want anyone manipulating the database from outside
 

: > >the custom application.
: > >
: > >Is there an easy way to prevent this from happening?
:
: One other way of doing this (even though I don't see why you would want
: to do it this way - one probable way is that anyone can download an ODBC
: driver and use on some other query tool, which could allow upgrades, as
: Microsoft Query) is to grant all privileges on the tables you need to a
: role, not to the user, and then grant that role to the user, NOT as the
: default role.
:
: The following step would be to hard-code into your application something
: like the set_role PL/SQL command that activates that role. As far as you
: don't give the role name away, this approach pretty much shuts the
: common user out of tables he would otherwise be able to update through
: standard SQL.
:
: If that sounds foggy, just drop me a mail and I can explain it in more
: detail (it can take some time - I don't check my e-mail that usually.
: Sorry, I'm a consultant and I travel a lot).
:
: Roberto Bruno.
:
  Received on Mon Jun 23 1997 - 00:00:00 CDT